Hey Michael - Great comments - The "send to a list" statements were just an example, but it illustrated a method by which one could abstract one's self from any "custodial" duties in regard to the data. You could send it anywhere. Of course, you can also just keep it all local and treat the files as sensitive and ensure that all key files go through some key management process if you like.
I just like having choices. I never said it was the ideal implementation - I just said it would be a secure, workable way of doing it. t From: [email protected] [mailto:[email protected]] On Behalf Of Michael Neal Vasquez Sent: Monday, June 14, 2010 4:39 PM To: Thor (Hammer of God) Cc: [email protected]" Subject: Re: [Full-disclosure] Introducing TGP... Why send it to a public form/blog/email list, etc. When you could email it to yourself, mitigating some of Stu's concerns, yet still making it available to yourself... Additionally, you're adding less traffic (a tiny bit less, true, but less...) Send it to multiple email accounts if you're worried about an outage.... (gmail. yahoo. hushmail. etc) Why replicate it in all these different archives. It's an interesting idea, but I'm not convinced it's the ideal implementation.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
